When You Travel, Your Data Travels Too

For the advantageous traveler, flying is a comfort. Your seat folds into a bed, your meal is prepared by five-star chefs, and your email is hacked via the in-flight WiFi.

Wait, what was that last one?

It turns out that when you travel, your data is at a greater risk than usual. In-flight WiFi is just one example—hotels, airport lounges, and even cars have vulnerabilities that can allow hackers to glean valuable data while you're in motion.

These vulnerabilities all have a common root—publicly available WiFi is easy to hack. The business owners who set up these networks aren't security professionals, and may overlook common security measures. This makes it easy for hackers who are on the same network to intercept other communications conducted via WiFi.

Here are some ways you can stop hackers from accessing your data while you're on the go.

Avoid in-flight and in-room WiFi

About a year ago, a USA Today columnist got an unsettling jolt mid-flight. What he felt wasn't turbulence—it was the knowledge that a stranger had been able to read the emails he was sending over the in-flight Wifi. The reporter was lucky—his potential hacker recognized that he was a reporter, and decided to cut him some slack by not stealing the information. Had he been sending financial documents or intellectual property, the outcome may have been different. (See what other employee behaviors put corporate data at risk in our whitepaper.)

You could resist the temptation to connect during your flight, and then check your email when you get to your hotel, but you run a pretty good risk of getting hacked there too. In 2015, security researchers located massive security flaws in the InnGate wireless routers that have become popular in hotel networks. An attacker could exploit these routers to deliver malware to your laptop, intercept your emails, or even clone your keycard and access your room.

Don’t sync your devices with Bluetooth

Stymied by both your airplane and your hotel, you might resort to checking Twitter from your rental car (not while driving, of course). Security researchers have pioneered ways that hackers could potentially take over your car while you're driving, but you probably don't need to worry about that yet. Instead, worry about Bluetooth. If you pair your phone or laptop with a car's Bluetooth connection, hackers can sniff this out and run the usual gamut of dirty tricks. If you happen to spring for any of the vehicles on this list of hackable cars, watch out.

Pretend you work for IT

Are you wondering why hackers can hack planes, hotels, and cars, but have a hard time hacking your company? At your company, you probably have at least one person whose job it is to make sure that your routers are patched, your firewall is working, and there's a strong password on your WiFi network (if you aren’t sure you have this, call us soon and you might also want to check out our whitepaper ) Automakers, airlines, and hotels don't tend to regard the information security of their guests and passengers as a primary mission objective.

Gogo Wireless, for example, doesn't require users to enter a password before logging in. This means that the traffic going across the airplane is unencrypted—anyone with a simple set of free or low-cost hacking tools can eavesdrop on passengers' communications. How can you get around these obstacles?

Use a VPN - A Virtual Private Network (VPN) can add an extra layer of security to your browsing by routing your traffic via an encrypted channel to a secure server. VPNs are a no-brainer for travel security, but not every VPN is going to be airtight. A free VPN might be worse for privacy than not having one at all. Check out Ars Technica's VPN guide for some information on how to choose a VPN.

Download the Tor Browser - This browser is a must when traveling abroad, and when used in conjunction with a decent VPN, it can make your traffic airtight. The Tor Browser is a free download that grew out of a project sponsored by the U.S. Navy, and it works by bouncing web traffic through random nodes. By both randomizing the path of your web traffic, and making your data unreadable, Tor makes it nearly impossible for eavesdroppers to snoop on your data.

Adopt PGP - If you absolutely must share email while travelling, do it using PGP. PGP (which stands for "pretty good privacy") uses a symmetric key algorithm to encrypt email messages. As long as both the sender and the recipient have copies of each other's public keys, an adversary will not be able to read an intercepted email. PGP is a good last line of defense—if Tor gets blocked and your VPN fails, PGP will still keep your emails private.

One last piece of advice: disconnect if you can afford to do so. While the methods above work against most hackers, they aren't foolproof. If you're not technical enough to make these methods work for you while you're traveling, your best bet is to avoid sending mission-critical communications while you're far from home. Relax, sip a drink, and rest assured that with your laptop turned off and stowed, it's as safe as it can possibly be.